better-auth 1.6.17 → 1.6.19

package/dist/plugins/open-api/generator.mjs

@@ -1,92 +1,172 @@
 import { db_exports } from "../../db/index.mjs";
 import { getEndpoints } from "../../api/index.mjs";
 import * as z from "zod";
-import { toPascalCase } from "@better-auth/core/utils/string";
 //#region src/plugins/open-api/generator.ts
-const allowedType = new Set([
+const OPEN_API_SCHEMA_TYPES = new Set([
 	"string",
 	"number",
 	"boolean",
 	"array",
 	"object"
 ]);
-function getTypeFromZodType(zodType) {
-	if (zodType instanceof z.ZodDefault) return getTypeFromZodType(zodType.unwrap());
+function getOpenApiTypeFromZodType(zodType) {
+	if (zodType instanceof z.ZodDefault || zodType instanceof z.ZodPrefault) return getOpenApiTypeFromZodType(unwrapZodSchema(zodType));
 	const type = zodType.type;
-	return allowedType.has(type) ? type : "string";
+	return OPEN_API_SCHEMA_TYPES.has(type) ? type : "string";
 }
 function getFieldSchema(field) {
 	const schema = {
 		type: field.type === "date" ? "string" : field.type,
 		...field.type === "date" && { format: "date-time" }
 	};
-	if (field.defaultValue !== void 0) schema.default = typeof field.defaultValue === "function" ? "Generated at runtime" : field.defaultValue;
+	if (field.defaultValue !== void 0) {
+		if (typeof field.defaultValue !== "function") schema.default = field.defaultValue;
+	}
 	if (field.input === false) schema.readOnly = true;
 	return schema;
 }
+function asZodSchema(schema) {
+	return schema;
+}
+function unwrapZodSchema(zodType) {
+	return asZodSchema(zodType.unwrap());
+}
+function getZodDef(zodType) {
+	return zodType._def;
+}
+function getZodDescription(zodType) {
+	return zodType.description;
+}
+function withDescription(schema, zodType) {
+	const description = getZodDescription(zodType);
+	return description ? {
+		...schema,
+		description
+	} : schema;
+}
+function addNullType(schema) {
+	if (schema.type) {
+		const type = Array.isArray(schema.type) ? schema.type : [schema.type];
+		const nullableType = Array.from(new Set([...type, "null"]));
+		return {
+			...schema,
+			type: nullableType
+		};
+	}
+	return { anyOf: [schema, { type: "null" }] };
+}
+function getZodStringSchemaConstraints(zodType) {
+	const minLength = zodType.minLength;
+	const maxLength = zodType.maxLength;
+	return {
+		...typeof minLength === "number" ? { minLength } : {},
+		...typeof maxLength === "number" ? { maxLength } : {}
+	};
+}
+function getZodPipeSchema(zodType) {
+	const def = getZodDef(zodType);
+	return def.in instanceof z.ZodTransform && def.out instanceof z.ZodType ? def.out : def.in;
+}
 function getParameters(options) {
 	const parameters = [];
-	if (options.metadata?.openapi?.parameters) {
-		parameters.push(...options.metadata.openapi.parameters);
-		return parameters;
-	}
-	if (options.query instanceof z.ZodObject) Object.entries(options.query.shape).forEach(([key, value]) => {
-		if (value instanceof z.ZodType) parameters.push({
-			name: key,
-			in: "query",
-			schema: {
-				...processZodType(value),
-				..."minLength" in value && value.minLength ? { minLength: value.minLength } : {}
-			}
-		});
+	if (options.metadata?.openapi?.parameters) parameters.push(...options.metadata.openapi.parameters);
+	if (!options.metadata?.openapi?.parameters && options.query instanceof z.ZodObject) Object.entries(options.query.shape).forEach(([key, value]) => {
+		if (value instanceof z.ZodType) {
+			const parameterSchema = toOpenApiSchema(value);
+			parameters.push({
+				name: key,
+				in: "query",
+				schema: parameterSchema
+			});
+		}
 	});
 	return parameters;
 }
+function getPathParameters(path, parameters) {
+	const existingParameters = new Set(parameters.map((parameter) => `${parameter.in}:${parameter.name}`));
+	return path.split("/").filter((part) => part.startsWith(":")).map((part) => part.slice(1)).filter((name) => !existingParameters.has(`path:${name}`)).map((name) => ({
+		name,
+		in: "path",
+		required: true,
+		schema: { type: "string" }
+	}));
+}
+function getRequestBodySchemaInfo(zodType) {
+	return {
+		required: !schemaAcceptsUndefined(zodType),
+		schema: zodType
+	};
+}
+function schemaAcceptsUndefined(zodType) {
+	if (zodType instanceof z.ZodOptional || zodType instanceof z.ZodDefault || zodType instanceof z.ZodPrefault || zodType instanceof z.ZodCatch || zodType instanceof z.ZodUndefined || zodType instanceof z.ZodVoid) return true;
+	if (zodType instanceof z.ZodNonOptional) return false;
+	if (zodType instanceof z.ZodNullable || zodType instanceof z.ZodReadonly) return schemaAcceptsUndefined(unwrapZodSchema(zodType));
+	if (zodType instanceof z.ZodPipe) return schemaAcceptsUndefined(getZodPipeSchema(zodType));
+	if (zodType instanceof z.ZodUnion) return getZodDef(zodType).options.some((option) => schemaAcceptsUndefined(option));
+	if (zodType instanceof z.ZodIntersection) {
+		const def = getZodDef(zodType);
+		return schemaAcceptsUndefined(def.left) && schemaAcceptsUndefined(def.right);
+	}
+	return false;
+}
+function isUndefinedOnlySchema(zodType) {
+	return zodType instanceof z.ZodUndefined || zodType instanceof z.ZodVoid;
+}
+function isMergeableObjectSchema(schema) {
+	const type = schema?.type;
+	return !!schema && (type === "object" || Array.isArray(type) && type.includes("object")) && schema.$ref === void 0 && schema.allOf === void 0 && schema.anyOf === void 0;
+}
+function schemaAllowsNull(schema) {
+	const type = schema?.type;
+	return Array.isArray(type) && type.includes("null");
+}
+function areSchemasEqual(left, right) {
+	return JSON.stringify(left) === JSON.stringify(right);
+}
+function areSchemaMembersCompatible(left, right) {
+	if (left === void 0 || right === void 0) return true;
+	if (typeof left === "boolean" || typeof right === "boolean") return left === right;
+	return areSchemasEqual(left, right);
+}
+function mergeObjectSchemas(left, right, description) {
+	const properties = { ...left.properties || {} };
+	for (const [key, value] of Object.entries(right.properties || {})) {
+		if (properties[key] !== void 0 && !areSchemasEqual(properties[key], value)) return;
+		properties[key] = value;
+	}
+	const required = Array.from(new Set([...left.required || [], ...right.required || []]));
+	const leftAdditionalProperties = left.additionalProperties;
+	const rightAdditionalProperties = right.additionalProperties;
+	if (!areSchemaMembersCompatible(leftAdditionalProperties, rightAdditionalProperties)) return;
+	const leftPropertyNames = left.propertyNames;
+	const rightPropertyNames = right.propertyNames;
+	if (!areSchemaMembersCompatible(leftPropertyNames, rightPropertyNames)) return;
+	const additionalProperties = leftAdditionalProperties ?? rightAdditionalProperties;
+	const propertyNames = leftPropertyNames ?? rightPropertyNames;
+	return {
+		type: schemaAllowsNull(left) && schemaAllowsNull(right) ? ["object", "null"] : "object",
+		...Object.keys(properties).length > 0 ? { properties } : {},
+		...required.length > 0 ? { required } : {},
+		...additionalProperties !== void 0 ? { additionalProperties } : {},
+		...propertyNames !== void 0 ? { propertyNames } : {},
+		...description ?? left.description ?? right.description ? { description: description ?? left.description ?? right.description } : {}
+	};
+}
 function getRequestBody(options) {
 	if (options.metadata?.openapi?.requestBody) return options.metadata.openapi.requestBody;
 	if (!options.body) return void 0;
-	if (options.body instanceof z.ZodObject || options.body instanceof z.ZodOptional) {
-		const shape = options.body.shape;
-		if (!shape) return void 0;
-		const properties = {};
-		const required = [];
-		Object.entries(shape).forEach(([key, value]) => {
-			if (value instanceof z.ZodType) {
-				properties[key] = processZodType(value);
-				if (!(value instanceof z.ZodOptional)) required.push(key);
-			}
-		});
-		return {
-			required: options.body instanceof z.ZodOptional ? false : options.body ? true : false,
-			content: { "application/json": { schema: {
-				type: "object",
-				properties,
-				required
-			} } }
-		};
-	}
+	const requestBodySchemaInfo = getRequestBodySchemaInfo(options.body);
+	const schema = toOpenApiSchema(requestBodySchemaInfo.schema);
+	return {
+		required: requestBodySchemaInfo.required,
+		content: { "application/json": { schema } }
+	};
 }
-function processZodType(zodType) {
-	if (zodType instanceof z.ZodOptional) {
-		const innerSchema = processZodType(zodType.unwrap());
-		if (innerSchema.type) {
-			const type = Array.isArray(innerSchema.type) ? innerSchema.type : [innerSchema.type];
-			return {
-				...innerSchema,
-				type: Array.from(new Set([...type, "null"]))
-			};
-		}
-		return { anyOf: [innerSchema, { type: "null" }] };
-	}
-	if (zodType instanceof z.ZodDefault) {
-		const innerSchema = processZodType(zodType.unwrap());
-		const defaultValueDef = zodType._def.defaultValue;
-		const defaultValue = typeof defaultValueDef === "function" ? defaultValueDef() : defaultValueDef;
-		return {
-			...innerSchema,
-			default: defaultValue
-		};
-	}
+function toOpenApiSchema(zodType) {
+	if (zodType instanceof z.ZodOptional) return toOpenApiSchema(unwrapZodSchema(zodType));
+	if (zodType instanceof z.ZodNullable) return addNullType(toOpenApiSchema(unwrapZodSchema(zodType)));
+	if (zodType instanceof z.ZodDefault || zodType instanceof z.ZodPrefault || zodType instanceof z.ZodNonOptional) return toOpenApiSchema(unwrapZodSchema(zodType));
+	if (zodType instanceof z.ZodAny) return withDescription({}, zodType);
 	if (zodType instanceof z.ZodObject) {
 		const shape = zodType.shape;
 		if (shape) {
@@ -94,22 +174,64 @@ function processZodType(zodType) {
 			const required = [];
 			Object.entries(shape).forEach(([key, value]) => {
 				if (value instanceof z.ZodType) {
-					properties[key] = processZodType(value);
-					if (!(value instanceof z.ZodOptional)) required.push(key);
+					properties[key] = toOpenApiSchema(value);
+					if (!schemaAcceptsUndefined(value)) required.push(key);
 				}
 			});
-			return {
+			return withDescription({
 				type: "object",
 				properties,
-				...required.length > 0 ? { required } : {},
-				description: zodType.description
-			};
+				...required.length > 0 ? { required } : {}
+			}, zodType);
 		}
 	}
-	return {
-		type: getTypeFromZodType(zodType),
-		description: zodType.description
-	};
+	if (zodType instanceof z.ZodRecord) {
+		const def = getZodDef(zodType);
+		return withDescription({
+			type: "object",
+			propertyNames: toOpenApiSchema(def.keyType),
+			additionalProperties: toOpenApiSchema(def.valueType)
+		}, zodType);
+	}
+	if (zodType instanceof z.ZodIntersection) {
+		const def = getZodDef(zodType);
+		const leftSchema = toOpenApiSchema(def.left);
+		const rightSchema = toOpenApiSchema(def.right);
+		if (isMergeableObjectSchema(leftSchema) && isMergeableObjectSchema(rightSchema)) {
+			const mergedSchema = mergeObjectSchemas(leftSchema, rightSchema, getZodDescription(zodType));
+			if (mergedSchema) return mergedSchema;
+		}
+		return withDescription({ allOf: [leftSchema, rightSchema] }, zodType);
+	}
+	if (zodType instanceof z.ZodUnion) {
+		const def = getZodDef(zodType);
+		const schemas = def.options.filter((option) => !isUndefinedOnlySchema(option)).map((option) => toOpenApiSchema(option));
+		if (schemas.length === 0) return withDescription({}, zodType);
+		if (schemas.length === 1) {
+			const schema = schemas[0];
+			if (!schema) return withDescription({}, zodType);
+			return withDescription(schema, zodType);
+		}
+		return withDescription(def.inclusive === false ? { oneOf: schemas } : { anyOf: schemas }, zodType);
+	}
+	if (zodType instanceof z.ZodArray) return withDescription({
+		type: "array",
+		items: toOpenApiSchema(getZodDef(zodType).element)
+	}, zodType);
+	if (zodType instanceof z.ZodLiteral) return withDescription({ enum: Array.from(zodType.values) }, zodType);
+	if (zodType instanceof z.ZodEnum) return withDescription({
+		type: "string",
+		enum: zodType.options
+	}, zodType);
+	if (zodType instanceof z.ZodPipe) return withDescription(toOpenApiSchema(getZodPipeSchema(zodType)), zodType);
+	if (zodType instanceof z.ZodCatch || zodType instanceof z.ZodReadonly) return withDescription(toOpenApiSchema(getZodDef(zodType).innerType), zodType);
+	if (zodType instanceof z.ZodNull) return withDescription({ type: "null" }, zodType);
+	if (zodType instanceof z.ZodUndefined) return withDescription({}, zodType);
+	if (zodType instanceof z.ZodVoid) return withDescription({}, zodType);
+	return withDescription({
+		type: getOpenApiTypeFromZodType(zodType),
+		...zodType instanceof z.ZodString ? getZodStringSchemaConstraints(zodType) : {}
+	}, zodType);
 }
 function getResponse(responses) {
 	return {
@@ -163,6 +285,29 @@ function getResponse(responses) {
 function toOpenApiPath(path) {
 	return path.split("/").map((part) => part.startsWith(":") ? `{${part.slice(1)}}` : part).join("/");
 }
+function getOperationId(operationId, method, usedOperationIds) {
+	if (!operationId) return;
+	if (!usedOperationIds.has(operationId)) {
+		usedOperationIds.add(operationId);
+		return operationId;
+	}
+	const normalizedMethod = method.toUpperCase();
+	const methodSuffix = normalizedMethod.charAt(0) + normalizedMethod.slice(1).toLowerCase();
+	let candidate = `${operationId}${methodSuffix}`;
+	let duplicateIndex = 2;
+	while (usedOperationIds.has(candidate)) {
+		candidate = `${operationId}${methodSuffix}${duplicateIndex}`;
+		duplicateIndex += 1;
+	}
+	usedOperationIds.add(candidate);
+	return candidate;
+}
+function cloneOpenAPIValue(value) {
+	if (Array.isArray(value)) return value.map((item) => cloneOpenAPIValue(item));
+	if (value instanceof Date) return new Date(value);
+	if (value && typeof value === "object") return Object.fromEntries(Object.entries(value).map(([key, entry]) => [key, cloneOpenAPIValue(entry)]));
+	return value;
+}
 async function generator(ctx, options) {
 	const baseEndpoints = getEndpoints(ctx, {
 		...options,
@@ -200,31 +345,24 @@ async function generator(ctx, options) {
 		return acc;
 	}, {}) } };
 	const paths = {};
-	const seenOperationIds = /* @__PURE__ */ new Set();
-	const uniqueOperationId = (operationId, method) => {
-		if (!operationId) return void 0;
-		const base = seenOperationIds.has(operationId) ? `${operationId}${toPascalCase(method)}` : operationId;
-		let result = base;
-		let n = 2;
-		while (seenOperationIds.has(result)) result = `${base}${n++}`;
-		seenOperationIds.add(result);
-		return result;
-	};
+	const usedOperationIds = /* @__PURE__ */ new Set();
 	Object.entries(baseEndpoints.api).forEach(([_, value]) => {
 		if (!value.path || ctx.options.disabledPaths?.includes(value.path)) return;
 		const options = value.options;
 		if (options.metadata?.SERVER_ONLY) return;
 		const path = toOpenApiPath(value.path);
+		const operationParameters = getParameters(options);
+		const parameters = [...operationParameters, ...getPathParameters(value.path, operationParameters)];
 		const methods = Array.isArray(options.method) ? options.method : [options.method];
 		for (const method of methods.filter((m) => m === "GET" || m === "DELETE")) paths[path] = {
 			...paths[path],
 			[method.toLowerCase()]: {
 				tags: ["Default", ...options.metadata?.openapi?.tags || []],
 				description: options.metadata?.openapi?.description,
-				operationId: uniqueOperationId(options.metadata?.openapi?.operationId, method),
+				operationId: getOperationId(options.metadata?.openapi?.operationId, method, usedOperationIds),
 				security: [{ bearerAuth: [] }],
-				parameters: getParameters(options),
-				responses: getResponse(options.metadata?.openapi?.responses)
+				parameters: cloneOpenAPIValue(parameters),
+				responses: cloneOpenAPIValue(getResponse(options.metadata?.openapi?.responses))
 			}
 		};
 		for (const method of methods.filter((m) => m === "POST" || m === "PATCH" || m === "PUT")) {
@@ -234,14 +372,14 @@ async function generator(ctx, options) {
 				[method.toLowerCase()]: {
 					tags: ["Default", ...options.metadata?.openapi?.tags || []],
 					description: options.metadata?.openapi?.description,
-					operationId: uniqueOperationId(options.metadata?.openapi?.operationId, method),
+					operationId: getOperationId(options.metadata?.openapi?.operationId, method, usedOperationIds),
 					security: [{ bearerAuth: [] }],
-					parameters: getParameters(options),
-					...body ? { requestBody: body } : { requestBody: { content: { "application/json": { schema: {
+					parameters: cloneOpenAPIValue(parameters),
+					...body ? { requestBody: cloneOpenAPIValue(body) } : { requestBody: { content: { "application/json": { schema: {
 						type: "object",
 						properties: {}
 					} } } } },
-					responses: getResponse(options.metadata?.openapi?.responses)
+					responses: cloneOpenAPIValue(getResponse(options.metadata?.openapi?.responses))
 				}
 			};
 		}
@@ -261,16 +399,18 @@ async function generator(ctx, options) {
 			const options = value.options;
 			if (options.metadata?.SERVER_ONLY) return;
 			const path = toOpenApiPath(value.path);
+			const operationParameters = getParameters(options);
+			const parameters = [...operationParameters, ...getPathParameters(value.path, operationParameters)];
 			const methods = Array.isArray(options.method) ? options.method : [options.method];
 			for (const method of methods.filter((m) => m === "GET" || m === "DELETE")) paths[path] = {
 				...paths[path],
 				[method.toLowerCase()]: {
 					tags: options.metadata?.openapi?.tags || [plugin.id.charAt(0).toUpperCase() + plugin.id.slice(1)],
 					description: options.metadata?.openapi?.description,
-					operationId: uniqueOperationId(options.metadata?.openapi?.operationId, method),
+					operationId: getOperationId(options.metadata?.openapi?.operationId, method, usedOperationIds),
 					security: [{ bearerAuth: [] }],
-					parameters: getParameters(options),
-					responses: getResponse(options.metadata?.openapi?.responses)
+					parameters: cloneOpenAPIValue(parameters),
+					responses: cloneOpenAPIValue(getResponse(options.metadata?.openapi?.responses))
 				}
 			};
 			for (const method of methods.filter((m) => m === "POST" || m === "PATCH" || m === "PUT")) paths[path] = {
@@ -278,11 +418,11 @@ async function generator(ctx, options) {
 				[method.toLowerCase()]: {
 					tags: options.metadata?.openapi?.tags || [plugin.id.charAt(0).toUpperCase() + plugin.id.slice(1)],
 					description: options.metadata?.openapi?.description,
-					operationId: uniqueOperationId(options.metadata?.openapi?.operationId, method),
+					operationId: getOperationId(options.metadata?.openapi?.operationId, method, usedOperationIds),
 					security: [{ bearerAuth: [] }],
-					parameters: getParameters(options),
-					requestBody: getRequestBody(options),
-					responses: getResponse(options.metadata?.openapi?.responses)
+					parameters: cloneOpenAPIValue(parameters),
+					requestBody: cloneOpenAPIValue(getRequestBody(options)),
+					responses: cloneOpenAPIValue(getResponse(options.metadata?.openapi?.responses))
 				}
 			};
 		});

package/dist/plugins/open-api/index.d.mts

@@ -1,4 +1,4 @@
-import { FieldSchema, OpenAPIModelSchema, Path, generator } from "./generator.mjs";
+import { FieldSchema, OpenAPIModelSchema, OpenAPIParameter, OpenAPISchema, Path, generator } from "./generator.mjs";
 import { LiteralString } from "@better-auth/core";
 import * as better_call0 from "better-call";
 
@@ -94,4 +94,4 @@ declare const openAPI: <O extends OpenAPIOptions>(options?: O | undefined) => {
   options: NoInfer<O>;
 };
 //#endregion
-export { type FieldSchema, type OpenAPIModelSchema, OpenAPIOptions, type Path, generator, openAPI };
+export { type FieldSchema, type OpenAPIModelSchema, OpenAPIOptions, OpenAPIParameter, OpenAPISchema, type Path, generator, openAPI };

package/dist/plugins/organization/adapter.mjs

@@ -678,10 +678,11 @@ const getOrgAdapter = (context, options) => {
 				field: "status",
 				value: data.fromStatus
 			});
-			return await adapter.update({
+			return await adapter.incrementOne({
 				model: "invitation",
 				where,
-				update: { status: data.status }
+				increment: {},
+				set: { status: data.status }
 			});
 		}
 	};

package/dist/plugins/organization/routes/crud-access-control.mjs

@@ -564,7 +564,7 @@ const updateOrgRole = (options) => {
 			...updateData,
 			...updateData.permission ? { permission: JSON.stringify(updateData.permission) } : {}
 		};
-		await ctx.context.adapter.update({
+		await ctx.context.adapter.updateMany({
 			model: "organizationRole",
 			where: [{
 				field: "organizationId",

package/dist/plugins/two-factor/backup-codes/index.mjs

@@ -177,16 +177,17 @@ const backupCode2fa = (opts) => {
 				}, ctx.context.secretConfig, opts);
 				if (!validate.status || !validate.updated) throw APIError.from("UNAUTHORIZED", TWO_FACTOR_ERROR_CODES.INVALID_BACKUP_CODE);
 				const updatedBackupCodes = await encodeBackupCodes(validate.updated, ctx.context.secretConfig, opts);
-				if (!await ctx.context.adapter.update({
+				if (!await ctx.context.adapter.incrementOne({
 					model: twoFactorTable,
-					update: { backupCodes: updatedBackupCodes },
 					where: [{
 						field: "id",
 						value: twoFactor.id
 					}, {
 						field: "backupCodes",
 						value: twoFactor.backupCodes
-					}]
+					}],
+					increment: {},
+					set: { backupCodes: updatedBackupCodes }
 				})) throw APIError.fromStatus("CONFLICT", { message: "Failed to verify backup code. Please try again." });
 				if (!ctx.body.disableSession) return valid(ctx);
 				return ctx.json({

package/dist/state.mjs

@@ -17,6 +17,7 @@ const stateDataSchema = z.looseObject({
 	}).optional(),
 	requestSignUp: z.boolean().optional()
 });
+const INTERNAL_STATE_KEYS = new Set(Object.keys(stateDataSchema.shape));
 var StateError = class extends BetterAuthError {
 	code;
 	details;
@@ -130,4 +131,4 @@ async function parseGenericState(c, state, settings) {
 	return parsedData;
 }
 //#endregion
-export { StateError, generateGenericState, parseGenericState };
+export { INTERNAL_STATE_KEYS, StateError, generateGenericState, parseGenericState };